<?

	include("inc/config.inc.php");

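	// Cancel a holiday request: look it up by the "id" query parameter, check the
	// caller may cancel it, mark it Cancelled, e-mail the manager, then redirect.
	//
	// NOTE(review): this script changes state on a GET request and carries no
	// anti-CSRF token. Moving it to POST with a per-session token needs matching
	// changes in the pages that link here, so it is flagged rather than changed.
	// NOTE(review): the file opens with the short tag "<?", which is only parsed
	// when short_open_tag is enabled; "<?php" avoids the source being served as text.

	// Accept the id only as a plain string; a query parameter can also arrive as an array.
	$id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';

	// The id is echoed back in error pages, so keep an HTML-escaped copy for output.
	$idHtml = htmlspecialchars($id, ENT_QUOTES, 'UTF-8');

	// Array keys are quoted: bare words such as $_SESSION[user] are undefined
	// constants, which raise an Error on PHP 8.
	$sessionUser = isset($_SESSION['user']) ? (string) $_SESSION['user'] : '';
	$sessionRole = isset($_SESSION['role']) ? $_SESSION['role'] : '';

	// Bound parameter instead of an escaped value spliced into the SQL text. The
	// original escaped with $con while every query uses $conn, so the escaping
	// presumably ran against an undefined handle (confirm against config.inc.php).
	// mysqli_stmt_get_result() requires the mysqlnd driver.
	$row = null;
	$select = mysqli_prepare($conn, "SELECT * FROM requests WHERE requestid=?");
	if ($select)
	{
		mysqli_stmt_bind_param($select, 's', $id);
		if (mysqli_stmt_execute($select))
		{
			$result = mysqli_stmt_get_result($select);
			if ($result)
				$row = mysqli_fetch_assoc($result);
		}
		mysqli_stmt_close($select);
	}

	// Check request exists (a failed lookup is reported the same way, as before)
	if ($row)
	{

		// HR power! Strict comparison, because on PHP 7 and older an integer 0
		// compares loosely equal to "HR".
		$power = ($sessionRole === "HR");

		// Check user owns the request, unless HR role.
		// Fails closed when no user is in the session (login is presumably enforced
		// by the include; this does not rely on it), and compares strictly so that
		// numeric-looking user names cannot match each other.
		if (!$power && ($sessionUser === '' || (string) $row['user'] !== $sessionUser))
			die("Error 11 deleting request $idHtml - Please contact support.");

		// Check request is not in the past, unless HR role
		if (!$power && strtotime($row['startdate']) <= strtotime(date("Y-m-d")))
			die("Error 12 deleting request $idHtml - Please contact support.");

		// Update the database. The session user goes in as a bound parameter too:
		// the original interpolated it into the UPDATE unescaped.
		$statusMessage = 'Cancelled by ' . $sessionUser;
		$updated = false;
		$update = mysqli_prepare($conn, "UPDATE requests SET status='Cancelled', statusmessage=? WHERE requestid=?");
		if ($update)
		{
			mysqli_stmt_bind_param($update, 'ss', $statusMessage, $id);
			$updated = mysqli_stmt_execute($update);
			mysqli_stmt_close($update);
		}

		// Do not e-mail or redirect as if the request was cancelled when the write failed.
		if (!$updated)
			die("Error 14 deleting request $idHtml - Please contact support.");

		// Humans date format for email
		$startdate = date("d-m-Y", strtotime($row['startdate']));
		$enddate = date("d-m-Y", strtotime($row['enddate']));

		// Email Manager. niceMail() and getManagerEmail() are defined elsewhere.
		// NOTE(review): confirm niceMail() strips CR/LF from the subject before it
		// reaches the mail headers. The message text is kept byte-for-byte.
		niceMail(getManagerEmail($row['user']), 'Holiday cancelled by '. $sessionUser, "A holiday request for {$row['user']} has been cancelled by {$sessionUser}.\n\rFrom: $startdate ({$row['starttime']})\rTo: $enddate ({$row['endtime']})\n\r");

		// URL-encode the values placed in the redirect so they cannot add or alter
		// query parameters on the target page.
		if ($power && isset($_GET['hr']) && $_GET['hr'] === '1')
			header("Location:userview.php?u=" . urlencode($row['user']));
		else
			header("Location:main.php?delreq=" . urlencode($id));

		// Stop here so nothing after the redirect header can run or be sent.
		exit;

	}

	else
	{
		die("Error 13 deleting request $idHtml - Please contact support.");
	}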


?>
